OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: x x (km1x_at_hotmail.com)
Date: Fri Sep 27 2002 - 09:14:46 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    I dunno about the buddy list thing, but the inability to view the source in
    IE isn't surprising. Note that the HTML below contains a META refresh that
    redirects you to the .com file. Once this fires, the browser discards the
    HTML file containing the redirect and reqeusts the .com file. When you
    cancel the download dialog and try to view source, there's nothing to see
    because the browser has no document loaded. If you turn off Meta refresh
    before hitting the page, you'd see the HTML page below, and could view the
    source.

      -K

    >A coworker of mine (Tim) recently found a buddy on his buddy list who he
    >didn't know (JDogg786). When Tim sent a message to him/her, he got a
    >response back "Hmmmm.. http://24.74.206.239:8180/"
    >
    >When he clicked on the link, it took him to a page which redirected to a
    >download of a file ending in .com, which he promptly alerted me to and did
    >not run it.
    >
    >I tried to go to this link, it tried to download the file. I hit cancel,
    >then I tried to view the source of the page. From the View menu, or right
    >clicking on the page, and clicking View Source, nothing happened.
    >
    >I eventually got the source using wget, which is shown below.
    >
    >Question 1: Is there a way a web page can add a buddy to your AIM list
    >without your knowledge?
    >
    >Question 2: How was I prevented from viewing the source of the HTML page
    >in IE?
    >
    >I wgetted the psecure20x-cgi-install.version6.01.bin.hx.com file as well
    >for anyone who wants to look at it, just in case the above link does not
    >work any more.
    >
    >
    >-- BEGIN SOURCE --
    >
    ><html><head><title>Browser Plugin Requried</title><meta
    >http-equiv="refresh" content="1;
    >url=psecure20x-cgi-install.version6.01.bin.hx.com"></head><bod
    >y><h1>Browser Plugin Required:</h1><br>You may need to restart your browser
    >for changes to take affect.<br>Security Certificate by <a
    >href="http://www.verisign.com">Verisign</a> 2002.<br>MD5:
    >9DD756AC-80E057FC-E00703A2-F801F2E3<br><br>Click <a
    >href="psecure20x-cgi-install.version6.01.bin.hx.com">HERE</a> and choose
    >"Run" to install.</body></html>
    >
    >-- END SOURCE --

    _________________________________________________________________
    Chat with friends online, try MSN Messenger: http://messenger.msn.com

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com